User: Password:
|
|
Subscribe / Log in / New account

openSUSE alert openSUSE-SU-2013:1177-1 (xorg-x11-server)

From:  opensuse-security@opensuse.org
To:  opensuse-updates@opensuse.org
Subject:  openSUSE-SU-2013:1177-1: moderate: update for xorg-x11-server
Date:  Thu, 11 Jul 2013 06:04:28 +0200 (CEST)
Message-ID:  <20130711040428.2B526321EA@maintenance.suse.de>
Archive-link:  Article, Thread

openSUSE Security Update: update for xorg-x11-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1177-1 Rating: moderate References: #815583 #823410 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This xorg-x11-server update fixes a DoS vulnerability and adds randr support. - U_os-Reset-input-buffer-s-ignoreBytes-field.patch * If a client sends a request larger than maxBigRequestSize, the server is supposed to ignore it. Before commit cf88363d, the server would simply disconnect the client. After that commit, it attempts to gracefully ignore the request by remembering how long the client specified the request to be, and ignoring that many bytes. However, if a client sends a BigReq header with a large size and disconnects before actually sending the rest of the specified request, the server will reuse the ConnectionInput buffer without resetting the ignoreBytes field. This makes the server ignore new X clients' requests. This fixes that behavior by resetting the ignoreBytes field when putting the ConnectionInput buffer back on the FreeInputs list. (bnc#815583) - u_xserver_xvfb-randr.patch * Add randr support to Xvfb (bnc#823410) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-106 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): xorg-x11-Xvnc-7.6_1.9.3-15.40.1 xorg-x11-Xvnc-debuginfo-7.6_1.9.3-15.40.1 xorg-x11-server-7.6_1.9.3-15.40.1 xorg-x11-server-debuginfo-7.6_1.9.3-15.40.1 xorg-x11-server-debugsource-7.6_1.9.3-15.40.1 xorg-x11-server-extra-7.6_1.9.3-15.40.1 xorg-x11-server-extra-debuginfo-7.6_1.9.3-15.40.1 xorg-x11-server-sdk-7.6_1.9.3-15.40.1 References: https://bugzilla.novell.com/815583 https://bugzilla.novell.com/823410


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds